Forum Discussion
bluepet_10591
Jun 15, 2011
Hi Aaron,
Thanks for the very prompt reply. This is what I did; I have to wait for the change to be approved before I can implement it. Hopefully this will resolve the issue and anyone else facing the same problem can follow the same steps.
1. Got the customer to send me their intermediate certificate. Namely from Thawte in my case. The format they sent is thawte.cer
2. I converted the certificate from DER/binary to standard PEM, which is clear text (with begin cert end)
3. cat converted-cert.crt > /config/ssl/ssl.crt/copy.myca.bundle.crt
4. applied the copy.myca.bundle.crt to the client ssl profile defined for the trusted certificate authority to replace myca.bundle.crt
Will update if it works. What I don't understand is why the client certificate is suddenly not trusted when they didn't change their certificate. They did, however, update the intermediate certificate on their machine.
In my log it looked like the cert count = 2. I am wondering, did the client send 2 certificates? The 1st is their certificate and the 2nd one is their intermediate certificate, and those two are the ones used by F5 to compare? Sorry for my ignorance about SSL certificates. :)
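
Steps 2 and 3 of the post above, as an added example that is not part of the original post: it detects whether a received file is DER or PEM, converts it, and adds it to an existing CA bundle without dropping or duplicating entries. The byte strings are constructed placeholders rather than real certificates, and all function names are hypothetical.

```python
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes, NOT real certificates: only the leading
# 0x30 (ASN.1 SEQUENCE tag) matters to the container handling shown here.
EXISTING_CA_DER = b"\x30\x82\x00\x10constructed-root-ca"
INTERMEDIATE_DER = b"\x30\x82\x00\x10constructed-intermediate"


def to_pem(raw: bytes) -> str:
    """Return one PEM block for a certificate supplied as DER or PEM."""
    if b"-----BEGIN CERTIFICATE-----" in raw:
        match = PEM_BLOCK.search(raw.decode("ascii", "ignore"))
        if match is None:
            raise ValueError("PEM header without a matching footer")
        return match.group(0) + "\n"
    if raw[:1] != b"\x30":
        raise ValueError("neither PEM nor DER")
    return ssl.DER_cert_to_PEM_cert(raw)


def fingerprints(bundle_pem: str) -> list:
    """SHA-256 of the DER bytes of every certificate in a PEM bundle."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(bundle_pem)]


def add_to_bundle(bundle_pem: str, cert_raw: bytes) -> str:
    """Append a certificate to a bundle, keeping existing entries."""
    pem = to_pem(cert_raw)
    if fingerprints(pem)[0] in fingerprints(bundle_pem):
        return bundle_pem  # already in the bundle, nothing to add
    if bundle_pem and not bundle_pem.endswith("\n"):
        bundle_pem += "\n"
    return bundle_pem + pem


if __name__ == "__main__":
    bundle = to_pem(EXISTING_CA_DER)
    bundle = add_to_bundle(bundle, INTERMEDIATE_DER)
    print(len(fingerprints(bundle)), "certificates in bundle")
```

The code handles only the file container (DER versus PEM) and bundle bookkeeping; it does not parse or validate X.509 contents or check that the chain verifies.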